An inquiry session represents a single instance of an end user accessing an inquiry. For example, it’s common for an end user to begin an inquiry on a desktop computer, then use Persona’s device handoff feature to switch over to their phone so they can more easily take a photo. In this scenario, a second session is created when the user switches to their phone.
An inquiry session is not the same as a device — a single device may have many sessions, but one session is tied to one device.
A session token is a JWT representation of an inquiry session. A session token enables an end user to access an in-progress inquiry (i.e. an inquiry with a “pending” status). In browser-based flows, session tokens are stored in session storage, which is local to the browser window that an end user is using to complete their inquiry. If a user closes an in-progress inquiry and reopens it in a separate browser window, they will lose their session token and see a ‘Session expired’ error. They will be unable to continue the inquiry unless a new session token is created or a new one-time link is generated.
When an inquiry session is created, its expiry time is set to match the inquiry’s expiry time. For more information, see Inquiry Expiration.
Note that modifying the inquiry’s expiry time (e.g. by resuming the inquiry) will not change the session’s expiry time.
By default, inquiries have a maximum of 25 sessions, after which no more sessions can be created. If you need to change this limit, please contact support or talk to your CSM.